refer to the exhibit, which contains a static route configuration. an administrator created a static route for amazon web services. what CLI command must the administrator use to view the route?11

get router info routing-table database

get internet-service route list

get router info routing-table all

in the network shown in the exhibit, the client cannot connect to the HTTP web server. the administrator runs the fortigate built-in sniffer and gets the output as shown in the exhibit. what should the administrator do next to troublesshot the problem? 12

execute another sniffer in the fortigate, this time with the filter "host 10.0.1.10"

run a sniffer on the web server

capture the traffic using an external sniffer connected to port1

why did fortigate drop the packet?19

it matched the default implicit firewall policy

the next-hop IP address is unreachable

it matched an explicitly configured firewall policy with the action DENY

refer to the exhibit to view the application control profile. based on the configuration, what will happen to apple face time?26

apple face time will be allowed, based on the excessive-bandwidth filter configuration

apple face time will be allowed only if the filter in application and filter overrides is set to learn

apple face time will be allowed, based on the apple filter configuration

apple face time will be allowed, based on the categories configuration

a network administrato is troubleshooting an IPsec tunnel between two fortigate devices. the administrator has determined that phase 1 faild to come up. the administrator has also re-entered the pre-shared key on both.......................choose two.28

on remote fortigate, set port2 as interface,

on HQ-fortigate, set IKE mode to main (ID protection)

on both fortigate devices, set dead peer detection to on demand

on HQ-fortigate, disable diffie-helman group2

a network administrator is troubleshooting an IPsec tunnel between two fortigate devices. the administrator has determined that phase 1 status is up, but phase 2 fails to come up. based on the phase 2 configuration shown in the exhibit, what configuration change will bring phase 2 up? 32

on HQ-fortigate, set encryption to AES256

on HQ-fortigate, enable auto-negotiate

on remote-fortigate, set seconds to 43200

on HQ-fortigate, enable diffie-hellman group 2

which two key configuration changes are neede on fortigate to meet the design requirements?choose two.35

configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel

configure a higher distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel

enable auto-negotiate and autokey keep alive on the phase 2 configuration of both tunnels

refer to the fortiguard connection debug output. based on the output shown in the exhibit, which two statement are correct?choose two.37

one server was contacted to retrieve the contract information

fortigate is using default fortiguard communication settings

there is at least one server that lost packet consecutively

a local fortimanager is one of the servers fortigate communicates with

an administrator creates a new address object on the root fortigate(local-fortigate) in the security fabric. after synchronization, this object is not available on the downstream fortigate(ISFW) what must the administrator do to synchronize the address object?38

change the csf setting on local-fortigate(root) to set fabric-object-unification default

change the csf setting on ISFW (downstream) to set fabric-object-unification default

change the csf setting on Local-fortigate (root) to set configuration-sync local

change the csf setting on ISFW (downstream) to set configuration-sync local

the exhibit shows the fortiguard category based filtersection of a corporate web filter profile. an administrator must block access to download.com , which belongs to the fireware and software downloads category. choose options? 41

configure a static URL filter entry download.com with tupe and action set to wilcard and block, respectively

configure a web override rating for download.com and select malicious websites as the subcategory

configure a separate firewall policy with action Deny an FQDN address object for *. download.com as destination address

set the freeware and software downloads category action to warning

the exhibit shows the fortiguard category based filtersection of a corporate web filter profile. an administrator must block access to download.com , which belongs to the fireware and software downloads category. choose options? 41

configure a static URL filter entry download.com with tupe and action set to wilcard and block, respectively

configure a web override rating for download.com and select malicious websites as the subcategory

configure a separate firewall policy with action Deny an FQDN address object for *. download.com as destination address

set the freeware and software downloads category action to warning

refer to the fortiguard connection debug output. based on the output shown in the exhibit, which two statement are correct?choose two.37

one server was contacted to retrieve the contract information

fortigate is using default fortiguard communication settings

there is at least one server that lost packet consecutively

a local fortimanager is one of the servers fortigate communicates with

the exhibit shows a diagram of a fortigate device connected to hte network and the firewall policy and IP pool configuration on the fortigate device. two pcs,pc1 and pc2, are connected behind fortigate and can access the internet successfully. however, when the administrator adds a third PC to the network(pc3)43

configure another firewall policy that matches only the address of pc3 as source, and then place the policy on top of the list

in the ip pool configuration set endip to 192.2.0.12

configure 192.2.0.12/24 as the secondary IP address on port1

in the firewall policy configuration, disable ippol

in the IP pool configuration, set type to overload

the exhibits show a firewall policy(exhibit A) and an antivirus profile (exhibit B) why is the user unable to receive a block replacement mesage when downloading an infected file for the first time?44

flow-based inspections is used, which resets the last packet to the user

the firewall policy performs a full content on the file

the intrusion prevention security profile must be enabled when using flow-based inspection mode

the volume of traffic being inspected is too high for this model of fortigate

the exhibits contain a network interface configuration, firewall policies, and a CLI console configuration. how will the fortigate device handle user authentication for traffic that arrives on the LAN interface?45

all users will be prompted for authentication, users from the HR group can authenticate successfully with the correct credentials

if the as a fall-through policy in place, users will not be prompted for authentication

authentication is enforced only at a policy level, all users will be prompted for authentication

all users will be prompted for authentication, users from the sales group can authenticate successfully with the correct credentials

exhibit A shows a topology for a fortigate HA cluster that performs proxy-based inspection on traffic. exhibit B shows the HA configuration and the partial output of the get system ha status command based on the exhibits, which two statement about the traffic passing throught the cluster are true? choose two.46

the cluster can load balance ICMP connections to the secondary

for non-load balanced connections, packets forwarded by the cluster to the server contain the virtual MAC address of port2 as source

the traffic sourced from the client and destined to the server is sent to FGT-1

for load balanced connections, the primary encapsulates TCP SYN packets before forwarding them to the secondary

exhibit A shows a topology for a fortigate HA cluster that performs proxy-based inspection on traffic. exhibit B shows the HA configuration and the partial output of the get system ha status command based on the exhibits, which two statement about the traffic passing throught the cluster are true? choose two.46

the cluster can load balance ICMP connections to the secondary

for non-load balanced connections, packets forwarded by the cluster to the server contain the virtual MAC address of port2 as source

the traffic sourced from the client and destined to the server is sent to FGT-1

for load balanced connections, the primary encapsulates TCP SYN packets before forwarding them to the secondary

the exhibit shows a diagram of a fortigate device connected to hte network and the firewall policy and IP pool configuration on the fortigate device. two pcs,pc1 and pc2, are connected behind fortigate and can access the internet successfully. however, when the administrator adds a third PC to the network(pc3)43

configure another firewall policy that matches only the address of pc3 as source, and then place the policy on top of the list

in the ip pool configuration set endip to 192.2.0.12

configure 192.2.0.12/24 as the secondary IP address on port1

in the firewall policy configuration, disable ippol

in the IP pool configuration, set type to overload

the exhibit shows a diagram of a fortigate device connected to the network and the firewall policy and IP pool configuration on the fortigate device. which two actions does fortigate take on internet traffic sourced from the subscribers? choose two47

fortigate allocates port blocks on a first-come, first-server basis.

fortigate generates a system event log for every port block allocation made per user

fortigate allocates 128 port blocks per user

fortigate allocates port blocks per user based on the configured range of internal IP addresses

exhibit a shows a network diagram. exhibit b shows the firewall policy configuration and a VIP object configuration. the WAN (port1) interface has the IP address 10.200.1.1/24 the LAN (port3) interface has the IP address 10.0.1.254/24 if the host 10.200.3.1 sends a TCP SYN packet on port 10443 to 10.200.1.10, what will the source address..........63

10.0.1.254, 10.0.1.10, and 443, respectively

10.0.1.254,10.200.1.10, and 443, respectively

10.200.3.1, 10.0.1.10, and 443, respectively

10.0.1.254, 10.0.1.10, and 10443, respectively

the exhibit shows a diagram of a fortigate device connected to the network and the firewall policy and IP pool configuration on the fortigate device. which two actions does fortigate take on internet traffic sourced from the subscribers? choose two47

fortigate allocates port blocks on a first-come, firts-serverd basis

fortigate generates a system event log for every port block allocation made per user

fortigate allocates 128 port blocks per user

fortigate allocates port blocks per user based on the configured range of internal IP addresses

exhibit a shows a network diagram. exhibit b shows the firewall policy configuration and a VIP object configuration. the WAN (port1) interface has the IP address 10.200.1.1/24 the LAN (port3) interface has the IP address 10.0.1.254/24 if the host 10.200.3.1 sends a TCP SYN packet on port 10443 to 10.200.1.10, what will the source address..........63

10.0.1.254, 10.0.1.10, and 443, respectively

10.0.1.254,10.200.1.10, and 443, respectively

10.200.3.1, 10.0.1.10, and 443, respectively

10.0.1.254, 10.0.1.10, and 10443, respectively

dibujitos

Quiz

•

Architecture

•

3rd Grade

•

Practice Problem

•

Easy

heber molero

Used 21+ times

FREE Resource

31 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

the root and the_internet vdoms are configured in nat mode the dmz and local vdoms are configured in tranparent mode. the root vdom is the management vdom the to_internet vdom allows lan users to access the internet.the to_internet vdom is the only vdom with internet access and is directly connected to ISP modem. which statement is true?

inter-vdom links are not requiered between the root and to_internet vdoms and to_internet vdoms because the root vdoms is used only as a management vdom

inter-vdom links are required to allow traffic between the local and dmz vdoms

inter-vdom links are required to allow traffic between the local and root vdoms

a static route is required on the to_internet vdom to allow lan users to access the internet

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

review the intrusion prevention system(ips) profile signature settings. which statement is correct in adding the ftp.login.failed signature to the ips sensor profile?3

traffic matching the signature will be allowed and logged

traffic matching the signature will be silently dropped and logged

the signature setting uses a custom rating threshold,

the signature setting includes a group of other signatures

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

refer to the exhibit to view the firewall policy. which statement is correct it if well-known viruses are not being blocked?5

the firewall policy does not apply deep content inspection

the action on the firewall policy must be set to deny

web filter should be enable on the firewall policy to complement the antivirus profile

the firewall policy must be configured in proxy-based inspection mode

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

the exhibit contains a network diagram, central snat policy, and IP pool configuration. the WAN(port1) interfaces has the ip address 10.200.1.1/24. the lan(port3) interfaces has the IP address 10.0.1.254/24. a firewall policy is configured to allow all destination from................7

10.200.1.99

10.200.1.49

10.200.1.149

10.200.1.1

MULTIPLE SELECT QUESTION

45 sec • 1 pt

based on the raw log, which two statements are correct? choose two.8

traffic is blocked because action is set to DENY in the firewall policy

log severity is set to error on fortigate

traffic belongs to the root VDOM

this is a security log

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

based on the administrator profile settings what permissions must the administrator set to run the diagnose firewall auth list CLI command on foritgate?

read/write permission for log & report

read/write permission for firewall

custom premission for network

CLI diagnostics commands permission

MULTIPLE SELECT QUESTION

45 sec • 1 pt

the exhibit contains a network diagram, firewall policies, and a firewall address object configuration. an administrator created a deny policy with default settings to deny webserver access for remote user2 remote-user2 is still able to access webserver. which two changes can the administrator make to deny webserver access for remote-user2?choose two.10

disable match-vip in the Deny policy

enable match-vip in the deny policy

set the destination address as web server in the deny policy

set the destination address as deny. ip in the allow-access policy

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

27 questions

Tumor Markers

Quiz

•

1st - 5th Grade

34 questions

Geo Benchmark #2 Review

Quiz

•

1st Grade - University

35 questions

Code of Ethical Conduct

Quiz

•

1st - 3rd Grade

Popular Resources on Wayground

5 questions

This is not a...winter edition (Drawing game)

Quiz

•

1st - 5th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

10 questions

Identify Iconic Christmas Movie Scenes

Interactive video

•

6th - 10th Grade

20 questions

Christmas Trivia

Quiz

•

6th - 8th Grade

18 questions

Kids Christmas Trivia

Quiz

•

KG - 5th Grade

11 questions

How well do you know your Christmas Characters?

Lesson

•

3rd Grade

14 questions

Christmas Trivia

Quiz

•

5th Grade

20 questions

How the Grinch Stole Christmas

Quiz

•

5th Grade

Discover more resources for Architecture

5 questions

This is not a...winter edition (Drawing game)

Quiz

•

1st - 5th Grade

18 questions

Kids Christmas Trivia

Quiz

•

KG - 5th Grade

11 questions

How well do you know your Christmas Characters?

Lesson

•

3rd Grade

10 questions

Area

Quiz

•

3rd Grade

26 questions

Christmas Songs

Quiz

•

2nd - 3rd Grade

17 questions

Multiplication facts

Quiz

•

3rd Grade

10 questions

Holiday Song Guessing Game!

Quiz

•

3rd - 5th Grade

12 questions

Holiday Fun

Quiz

•

3rd Grade